Between two boxes manually

Suppose we have two boxes, A and B, and we want to establish IPsec between them.

Here's how:

  1. On each box, create a script file (let's say its name is my_script) having the following content:
    # args: This script takes two arguments:
    #    - The first one is the IP address of the box that is to
    #      run it on.  
    #    - The second one is the IP address of the box that this
    #      box is to establish IPsec connection to.
    # The following two lines are to clean the database.
    # They're here simply to demonstrate the "hello world" level
    # connection.
    setkey -FP
    setkey -F
    # Use setkey to input all of the SA content.
    setkey -c << EOF
    spdadd $Myself $Remote any -P out ipsec esp/transport/$Myself-$Remote/require;
    spdadd $Remote $Myself any -P in ipsec esp/transport/$Remote-$Myself/require;
    add  $Myself $Remote esp 1234 -m any -E 3des-cbc "KeyIsTwentyFourBytesLong";
    add  $Remote $Myself esp 1234 -m any -E 3des-cbc "KeyIsTwentyFourBytesLong";
  2. On BoxA, run ./my_script BoxA BoxB, or give the IP address of each box if the name can't be resolved.
  3. Similarly, on BoxB, run ./my_script BoxB BoxA.

Now you can check the connection by pinging each box from the other. You can get the IPsec status by using setkey -PD.